mirror of
https://github.com/apache/superset.git
synced 2026-06-11 18:49:15 +00:00
4415b8a400
Disabling a user account (active=False) terminates that user's outstanding sessions on their next request via a per-user invalidation epoch (user_attribute.sessions_invalidated_at). Works for both client-side cookie sessions and server-side session stores. Inert for users that were never disabled (NULL epoch). The migration backfills the epoch for accounts already disabled at upgrade time. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>